Antes, Conley, Morris, Schossow, Yee
Total Page:16
File Type:pdf, Size:1020Kb
Antes, Conley, Morris, Schossow, Yee Jessica Antes, Jennifer Conley, Richard Morris, Stephanie Schossow, Zonia Yee MIS 304 Professor F. Fang December 9, 2008 Cyber Crimes: Real Life and in the Virtual World Introduction Cyber crime is a growing concern both domestically and internationally. Cyber crime was the only concern once the Internet was accessible to everyone, but the problem has evolved into something much greater, virtual crime. First we will be discussing the different categories of cyber crimes: real life cyber crimes and virtual crimes. There is a distinction between the two types of crimes, and Cyber crimes are being taken to a whole new level in crime sprees. Due to the evolution of the virtual world and cyber crimes, some virtual crimes have crossed over into the real world. By definition cyber crimes are “unlawful acts wherein the computer is a tool or a target or both, it is also any form of threat to the public or private health or safety using the computer.” We have all heard about cyber crimes that range from financial crimes, cyber pornography, sales of illegal articles, online gambling, intellectual property crimes, e- mail spoofing, forgery, cyber defamation, and cyber stalking. Virtual Crime, as known as in game crimes, is similar to crimes that happen in real life, however, it happens in the virtual world. These crimes can range from theft, rape, murder, etc. We'll be discussing what happens when real world crimes meet the virtual world. Throughout the course of 1 Antes, Conley, Morris, Schossow, Yee this paper we will cover four different major types of cyber crimes with some real world examples, and what we can do to prevent some of these cyber crimes. The first cyber crime we will be discussing is the computer intrusion, also known as hacking. Hacker is generic term for a computer criminal often with a specific specialty in computer intrusion. While other definitions peculiar to the computer enthusiast community exist, they are rarely used in mainstream context. Computer hacking subculture is often referred to as the network hacker subculture or simply the computer underground (Sherling). Hacking developed directly from Phone Phreaking, a group which explores the phone network without authorization. Today there remains an overlap between both technology and group members of Phone Phreaking (Price). More legitimate forms of hacking are derived from early computer users in academic institutions, especially the MIT hacks. Most historians trace the roots of the hacker underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program newsletter (Yippies). Hacker Groups The network hacking subculture is supported by regular real-world gatherings or groups called hacker conventions or "hacker cons." Hacker conventions draw in more people every year, there are several conventions during the year including SummerCon (Summer), DEF CON, HoHoCon (Christmas), PumpCon (Halloween), H.O.P.E. (Hackers on Planet Earth), and HEU (Hacking at the End of the Universe) (Thomas). The conventions have helped expand the definition and solidify the importance of the network hacker subculture in today’s world. Hacking in the Media 2 Antes, Conley, Morris, Schossow, Yee Hacking is such a large subculture in our world that has expanded into the area of media, including magazines, books, and even blockbuster movies. The most well known hacker magazines are: The Hacker Quarterly, Cult of the Dead Cow, and Legion of Doom. Hacker magazines are not just in print form, but they come in the form of ezines or internet sites. This gives hackers all over the world access to information in the ever changing culture. The magazines and ezines usually contain outdated information, however, they provide a way for people to improve the reputations of those who contributed by documenting their successes (Thomas). Fiction and Non-Fiction books about hacking are now very common. They are another way the subculture of hacking has gone mainstream. Some popular titles featuring hackers include: Snow Crash and the Sprawl Trilogy by William Gibson (Staples). Hackers from the network hacking subculture often show an interest in fictional cyberpunk and cyber culture literature and movies. The most well known movies that portray hackers include: Live Free or Die Hard, Swordfish and Enemy of the State. Hacker Attitudes The term "hacker" has a number of different meanings. Several subgroups with different attitudes and aims use different terms to define themselves from each other, or try to exclude some certain group with whom they do not agree with. In a computer security context, it is often synonymous with a computer intruder. Hackers have what some call Hacker Ethic. Hacker ethic can also be referred to as hacker belief. Hacker belief can be broken down into the following ideals: All information should be free; Mistrust authority- -promote decentralization; Hackers should be judged by their hacking, not bogus criteria 3 Antes, Conley, Morris, Schossow, Yee such as degrees, age, race, or position; You can create art and beauty on a computer; and Computers can change your life for the better (Taylor). It is common among hackers to use aliases for the purpose of concealing identity, rather than revealing their real names. Members of the network hacking scene are often being stereotypically described as crackers by the academic hacker subculture, yet they see themselves as hackers and even try to include academic hackers in what they see as one wider hacker culture, a view harshly rejected by the academic hacker subculture itself (Stuart). Hackers have broken themselves up into various groups based on their hacking intension. There are six hacker groups: White hat, Grey hat, Black hat, Cyber terrorist, Script Kiddie, and Hacktivist. The Following chart matches the hacker group names with their defined intensions (Cordingley). White Hat A white hat hacker breaks security for non-malicious reasons. Grey Hat A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted. Black Hat A black hat hacker is someone who subverts computer security without authorization or who uses technology for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or many other types of crime. Cyber A Cyberterrorist uses technology to commit terrorism. Their intentions terrorist are to cause harm to social, ideological, religious, political, or governmental establishments. Script Kiddie A script kiddie is a non-expert who breaks into computer systems by 4 Antes, Conley, Morris, Schossow, Yee using pre-packaged automated tools written by others. Hacktivist A hacktivist is a hacker who utilizes technology to announce a political message. Common Methods A typical approach in an attack on an Internet-connected system is network enumeration: Discovering information about the intended target. Vulnerability analysis is defined as identifying potential ways of attack. Exploitation is defined as attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis. In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts (Ajay). The following Chart list the 10 most common methods used by hackers and how they work (Blomquist). Security A security exploit is a prepared application that takes advantage Exploit of a known weakness. Vulnerability A vulnerability scanner is a tool used to quickly check computers on a scanner network for known weaknesses. Packet sniffer A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network. Spoofing A spoofing attack involves one program, system, or website Attack successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. Rootkit A rootkit is designed to conceal the compromise of a computer's 5 Antes, Conley, Morris, Schossow, Yee security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Social Social Engineering is the art of getting persons to reveal sensitive Engineering information about a system. This is usually done by impersonating someone or by convincing people to believe you have permissions to obtain such information. Trojan Horse A Trojan horse is a program which seems to be doing one thing, but is actually doing another. Virus A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Worm Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program. Keg Loggers A keylogger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. A famous hacktivist event is the hacking of the NASA offices in Greenbelt, Maryland. The hacktivists inserted a worm named, WANK, Worms Against Nuclear Killers. "This worm ran a banner across all of NASA system computers as part of a protest to stop the launch of the plutonium-fueled, Jupiter-bound Galileo probe." No one is sure who the hacktivist was, but it was said to have cost NASA nearly a million dollars to clean up (Iozzio). A recent hacking incident involved a 17-year-old boy known as "Dshocker." He was well 6 Antes, Conley, Morris, Schossow, Yee known in the online gaming world for attacking other hackers. He was recently charged and plead guilty to multiple computer felonies including, computer fraud, interstate threats and four counts of wire fraud. For thus he plead down to only get 11 months in a juvenile detention center. Had he been charged as an adult he would have faced a maximum of 10 years in jail and $250,000 in fines.